This disclosure relates generally to computing systems, and more specifically to integrity checking for a computing system including side channel monitoring.
Computing systems used for secure data storage applications may require integration with engines that run cryptographic algorithms for data security. However, integrating cryptographic engines into relatively large-scale storage systems with enterprise data resiliency requirements may be problematic. A cryptographic engine may emphasize raw performance and/or low resource usage over data integrity checking that may be needed to ensure proper execution of the cryptographic algorithm. As cryptographic algorithms and protocols may amplify the impact of any errors that occur in the stored data, a lack of integrity checking may be particularly damaging to data integrity when working with encrypted data.
To enable an enterprise storage system to process large encrypted databases while maintaining data integrity, any lack of data integrity protection in the cryptographic engine must be compensated for. Data replication may be used for integrity protection in some systems; however, replication may only be feasible if the system has at least double the resources that are required, and may further require synchronized multiprocessing of operations, which may be complex to implement. On embedded systems that work with sensitive data, such as hardware security modules, smartcards, or other embedded high-assurance environments, power and other resource constraints may prohibit use of replication. Another type of integrity checking includes use of checksums that are generated by the cryptographic algorithm engine during operation. These checksums may be monitored to determine the presence of errors in the operation of the system. However, such checksum generation may not provide sufficient integrity protection for some enterprise storage systems. Cryptographic engine implementations may also contain side channels, which are unintended channels that reveal information regarding intermediate states of cryptographic computation. Side channels are undesirable, as encrypted data may be exposed indirectly via a side channel, even if the full internal state of the cryptographic engine may not be observable from outside the engine.